68249a5654e58c79560a80184f6fb950_JaffaCakes118

General

Target

68249a5654e58c79560a80184f6fb950_JaffaCakes118
Size

132KB
MD5

68249a5654e58c79560a80184f6fb950
SHA1

831595aafc1ccd9eeb8f40aaf42eae82e9da9882
SHA256

0c8eebe810d01346b493d11b98dbfde6d5f28829dd1961316abe36cf4a211c27
SHA512

b2768108747b27782c6a60241c30225327940a9b42262217aaa991e3e64529fcc2e225127c0dda5a69f83bc51b7c307329e56d503f0006f526f97177f34ccdb6
SSDEEP

3072:BEkqIlTuuhI6REvIVaQiC7qP959s7PWVrA4byCo8d:KiTzD+159s7+W4GCD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68249a5654e58c79560a80184f6fb950_JaffaCakes118

Files

68249a5654e58c79560a80184f6fb950_JaffaCakes118
.exe windows:4 windows x86 arch:x86

27febde8c0e72506f0c43a78cf4a76d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSQueryUserToken
WTSLogoffSession
WTSCloseServer

secur32

QuerySecurityPackageInfoW
InitializeSecurityContextW
QueryContextAttributesW
RevertSecurityContext
FreeContextBuffer

kernel32

LockFile
LoadLibraryA
GetProcAddress
GetModuleFileNameA
WriteFile
RtlUnwind
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetCurrentThread
DuplicateHandle
PeekNamedPipe
GetShortPathNameW
GetEnvironmentVariableW
ResetEvent
FindFirstChangeNotificationW
DeleteFileW
OpenMutexW
CreateMutexW
FlushFileBuffers
CreateThread
LocalFree
LocalAlloc
WriteConsoleW
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapFree
Sleep
UnlockFile
GetLastError
CloseHandle
GetFileType
CreateFileW
GetModuleHandleA
GetStartupInfoW
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetStdHandle
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
SetEndOfFile
ReadFile
UnhandledExceptionFilter
GetModuleFileNameW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

27febde8c0e72506f0c43a78cf4a76d7

Headers

File Characteristics

Imports

version

wtsapi32

secur32

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 72KB - Virtual size: 626KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 72KB - Virtual size: 626KB